Kaspersky Embedded Systems Security for Linux
3.4.0
English

Contents

File Threat Protection exclusions

A protection exclusion is a set of conditions. When these conditions are met, Kaspersky Embedded Systems Security does not scan the objects for viruses and other malware. You can also exclude objects by masks and threat names, and configure exclusions for processes.

In the Administration Console, you can configure File Threat Protection exclusions in the policy properties (Essential Threat Protection → File Threat Protection exclusions).

Settings of scan exclusions

Group of settings

Description

Exclusions

This group of settings contains the Configure button. Clicking this button opens the Exclusion scopes window. In this window, you can define the list of scopes to be excluded from scan.

Exclusions by mask

This group of settings contains the Configure button, which opens the Exclusions by mask window. In this window, you can configure the exclusion of objects from scans by name mask.

Exclusions by threat name

This group of settings contains the Configure button, which opens the Exclusions by threat name window. In this window, you can configure the exclusion of objects from scans based on threat name.

Exclusions by process

This group of settings contains the Configure button, which opens the Exclusions by process window. In this window, you can exclude the activity of processes.

In this section

Exclusion scopes window

<New exclusion scope> window

Exclusions by mask window

Exclusions by threat name window

Exclusions by process window

Trusted process window
Page top
[Topic 264236]

Exclusion scopes window

This table contains scan exclusion scopes. The application does not scan files and directories located at the paths specified in the table. By default, the table is empty.

Exclusion scope settings

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Path to the directory excluded from scan.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button excludes the selected scope from scans.

This button is available if at least one scan scope is selected in the table.

The selected element's settings are changed in a separate window.

Clicking the Add button opens a window where you can specify the new item settings.

Page top
[Topic 210496]

<New exclusion scope> window

In this window, you can add and configure scan exclusion scopes.

Exclusion scope settings

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in the table in the Exclusion scopes window.

The entry field must not be blank.

Use this scope

The check box enables or disables exclusion of the scope from scan when the application is running.

If this check box is selected, the application excludes this area during scans.

If this check box is cleared, the application includes this area in the scan scope. You can later exclude this scope by selecting the check box.

The check box is selected by default.

File system, access protocol, and path

The settings block lets you set the exclusion scope.

In the drop-down list of file systems, you can select the type of file system of the directories to be excluded from scans:

  • Local, for local directories.
  • Mounted – mounted directories.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.

If Mounted is selected in the drop-down list of file systems, you can select the remote access protocol in the drop-down list on the right:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want add to the exclusion scope. You can use masks to specify the path.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

The / path is specified by default. The application excludes all directories of the local file system from scan.

Filesystem name

The field for entering the name of the file system where the directories that you want to add to the exclusion scope are located.

The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right.

Masks

The list contains name masks of the objects that the application excludes from scan. Masks are only applied to objects in the directory specified in the path field.

By default the list contains the * mask (all objects).

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

 

Page top

[Topic 248964]

Exclusions by mask window

You can configure the exclusion of objects from scans based on name mask. The application will not scan files whose names contain the specified mask. By default, the list of masks is empty.

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

Page top
[Topic 202281]

Exclusions by threat name window

You can configure the exclusion of objects from scans based on threat name. The application will not block the specified threats. By default, the list of threat names is empty.

You can add, edit, and delete threat names.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected threat from the exclusion list.

This button is available if at least one threat name is selected in the list.

Clicking the threat name in the table opens the Threat name window. In this window, you can edit the name of the threat to be excluded from a scan.

Clicking the Add button opens the Threat name window. In this window, you can define the name of the threat to be excluded from a scan.

Page top
[Topic 202282]

Exclusions by process window

The table contains the exclusion scopes for exclusion by process The exclusion scope for exclusion by process lets you exclude from scans the activity of the indicated process and files modified by the indicated process. By default, the table includes two exclusion scopes that contain paths to the Network Agents. You can remove these exclusions, if necessary.

Exclusion scope settings for exclusion by process

Setting

Description

Exclusion scope name

Exclusion scope name.

Path

Full path to excluded process.

Status

The status indicates whether the application uses this exclusion.

You can add, edit, and delete items in the table.

Clicking the Delete button removes the selected item from the table.

This button is available if at least one item is selected in the table.

You can also import the list of exclusions from a file by clicking Advanced -> Import and export the list of added exclusions to a file by clicking Advanced -> Export selected or Advanced -> Export all.

Page top
[Topic 249196]

Trusted process window

In this window, you can add and configure exclusion scopes for exclusion by process.

Exclusion scope settings for exclusion by process

Setting

Description

Exclusion scope name

Field for entering the exclusion scope name. This name will be displayed in a table in the Exclusions by process window.

The entry field must not be blank.

Path to excluded process

Full path to the process you want to exclude from scans.

Apply to child processes

Exclude child processes of the excluded process indicated by the Path to excluded process setting.

This check box is cleared by default.

Use this scope

The check box enables or disables this exclusion scope.

If this check box is selected, the application excludes this area during scans.

If this check box is cleared, the application includes this area in the scan scope. You can later exclude this scope by selecting the check box.

The check box is selected by default.

Path to modified files

This group of settings lets you set scan exclusions for files modified by the process.

In the drop-down list of file systems, you can select the type of file system of the directories to be excluded from scans:

  • Local, for local directories. If this item is selected, you need to indicate the path to the local directory.
  • Mounted – Mounted remote or local directories. If this item is selected, you need to indicate the protocol or name of the file system.
  • Shared — The protected server's file system resources accessible via the Samba or NFS protocol.
  • All remote mounted – all remote directories mounted on the device using the Samba and NFS protocols.
  • All shared — All of the protected server's file system resources accessible via the Samba and NFS protocols.

If Mounted or Shared is selected in the drop-down list of file systems, then you can select the remote access protocol in the drop-down list of access protocols:

  • NFS: remote directories mounted on a device using the NFS protocol.
  • Samba: remote directories mounted on a device using the Samba protocol.
  • Custom – resources of the device's file system specified in the field below.

If Local is selected in the drop-down list of file systems, then in the input field you can enter a path to a directory that you want add to the exclusion scope. You can use masks to specify the path. The entry field must not be blank.

You can use the * (asterisk) character to create a file or directory name mask.

You can indicate a single * character to represent any set of characters (including an empty set) preceding the / character in the file or directory name. For example, /dir/*/file or /dir/*/*/file.

You can indicate two consecutive * characters to represent any set of characters (including an empty set and the / character) in the file or directory name. For example, /dir/**/file*/ or /dir/file**/.

The ** mask can be used only once in a directory name. For example, /dir/**/**/file is an incorrect mask.

To exclude the mount point /dir, you need to specifically indicate /dir (no asterisk).

The mask /dir/* excludes all mount points at the level below /dir but not /dir itself. The /dir/** mask excludes all mount points below the level of /dir but not /dir itself.

You can use a single ? character to represent any one character in the file or directory name.

Filesystem name

The field for entering the name of the file system where the directories that you want to add to the exclusion scope are located.

The field is available if the Mounted type is selected in the drop-down list of file systems and the Custom item is selected in the drop-down list on the right.

Masks

The list contains name masks of the objects that the application excludes from scan. Masks are only applied to objects in the directory specified in the Path to modified files field.

You can add, edit, or delete masks.

Clicking the Delete button causes Kaspersky Embedded Systems Security to remove the selected name mask of files excluded from a scan.

This button is available if at least one file mask is selected in the list.

Clicking the mask opens the Object mask window. In this window, in the Define object mask field, you can modify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Clicking the Add button opens the Object mask window. In this window, in the Define object mask field, you can specify the name template for files that Kaspersky Embedded Systems Security excludes from scans.

Examples:

The *.txt mask refers to all text files.

The *_my_file_??.html mask refers to html files starting with any characters, and ending with _my_file_ followed by any two characters (for example, 2020_my_file_09.html).

 

Page top

[Topic 248958]